Betsy Speicher

Spam Attacks on THE FORUM

41 posts in this topic

My fix to unlock accounts with a valid login seems to be working because I haven't had any complaints yet the spammers continually target THE FORUM's frequent posters.
Do you think this might a concerted attack rather than just advertisers? We experienced an attack by a group of 5-10 guys a couple of years ago: folks who wanted to "have some fun" causing confusion on an Objectivist forum. I wonder if there's something similar going on here. Is there a pattern to the IPs? Are they from some particular country?

Share this post


Link to post
Share on other sites
Make sure you have a good, non-obvious, and hopefully unique password.

Good password means no dictionary words or names and at least 8 characters with both upper and lower case letters together with numbers and non-alphabetic special characters. Then periodically change it to something else just as good to block the long term combinatorial attacks.

Share this post


Link to post
Share on other sites
Do you think this might a concerted attack rather than just advertisers? We experienced an attack by a group of 5-10 guys a couple of years ago: folks who wanted to "have some fun" causing confusion on an Objectivist forum. I wonder if there's something similar going on here. Is there a pattern to the IPs? Are they from some particular country?

Or a Soros-funded type moveon organization deliberately trying to cause chaos and time-consuming disruption, to say nothing of what they would do with identity theft following a break-in. Such hackers are out in the world in force today. Track them through the IP addresses.

Share this post


Link to post
Share on other sites
Do you think this might a concerted attack rather than just advertisers? We experienced an attack by a group of 5-10 guys a couple of years ago: folks who wanted to "have some fun" causing confusion on an Objectivist forum. I wonder if there's something similar going on here. Is there a pattern to the IPs? Are they from some particular country?

Or a Soros-funded type moveon organization deliberately trying to cause chaos and time-consuming disruption, to say nothing of what they would do with identity theft following a break-in. Such hackers are out in the world in force today. Track them through the IP addresses.

I do track IP addresses and so do various services I use like Stop Forum Spam (link) and Project Honeypot (link). The same spammers have made similar attacks on other forums -- right-wing, left-wing, non-political, etc. Once they gain access -- which my member screening techniques do not give them -- they post spam advertising. As for denial of service attacks, there are flood-prevention features built into THE FORUM's software to foil them and that has never been a problem.

Share this post


Link to post
Share on other sites
Do you think this might a concerted attack rather than just advertisers? We experienced an attack by a group of 5-10 guys a couple of years ago: folks who wanted to "have some fun" causing confusion on an Objectivist forum. I wonder if there's something similar going on here. Is there a pattern to the IPs? Are they from some particular country?

Or a Soros-funded type moveon organization deliberately trying to cause chaos and time-consuming disruption, to say nothing of what they would do with identity theft following a break-in. Such hackers are out in the world in force today. Track them through the IP addresses.

I do track IP addresses and so do various services I use like Stop Forum Spam (link) and Project Honeypot (link). The same spammers have made similar attacks on other forums -- right-wing, left-wing, non-political, etc. Once they gain access -- which my member screening techniques do not give them -- they post spam advertising. As for denial of service attacks, there are flood-prevention features built into THE FORUM's software to foil them and that has never been a problem.

Are you able to automatically filter on IP addresses and automatically report them to block lists the way email spam is dealt with? Project Honeypot sounds like it's similar to spam traps and tar pits to catch spammers fishing for email addresses to use -- they are allowed to 'discover' fake addresses, which their use of then makes it easier to report their IP addresses to block lists, which are then used to filter out other spam to valid addresses.

How do you know the hackers here are all the same ones attacking other sites?

Share this post


Link to post
Share on other sites
Are you able to automatically filter on IP addresses and automatically report them to block lists the way email spam is dealt with?

THE FORUM's software does have a Ban List filter which I use for persistent spam locations and for banning entire countries like Russia and Red China. There are automatic blockers that interface with THE FORUM's software, but they require software modifications and/or monthly charges. So far, it has not been worth it.

Project Honeypot sounds like it's similar to spam traps and tar pits to catch spammers fishing for email addresses to use -- they are allowed to 'discover' fake addresses, which their use of then makes it easier to report their IP addresses to block lists, which are then used to filter out other spam to valid addresses.

That's the way that one works. Stop Forum Spam depends on member reports.

How do you know the hackers here are all the same ones attacking other sites?

They have the same IP addresses, email addresses, and/or user names.

Share this post


Link to post
Share on other sites

I'm not sure if this is related to the recent attacks on the FORUM, but when I clicked on "View New Posts" yesterday, I got a list of posts that (i) had already appeared on my VNP, (ii) were put up a day or two before.

Share this post


Link to post
Share on other sites

Could this be related to what's happened to me? I can't access The Forum from my home IP, it just brings me to a login screen from where I can't login. However my account is, clearly, still working.

Share this post


Link to post
Share on other sites
Could this be related to what's happened to me? I can't access The Forum from my home IP, it just brings me to a login screen from where I can't login. However my account is, clearly, still working.

THE FORUM logs you out whenever you change IP addresses (which goes against web standards whereby an IP address is supposed to be distinct from web session state). So if you are behind rotating proxy servers, it's essentially impossible to use THE FORUM logged in. I'm guessing this is the situation you're facing. There was an earlier thread on this:

http://forums.4aynrandfans.com/index.php?showtopic=11431

Share this post


Link to post
Share on other sites

Here is an article on Google's new double authentication security system. It looks like a complex way to compensate for users not using strong passwords.

... Google recently introduced a new security feature. It adds an extra step when you sign in from new locations. That creates another obstacle for hackers...

Google still uses an account password as the first form of authentication. The second requirement is a temporary verification code. It can only be used once. This prevents hackers from stealing it. The verification code is sent to you via your phone. There are three delivery methods. You can use the Google Authenticator app. The code can be sent as a text message. Or you can get the code via an automated call....

Your phone number is added to your account when verification is enabled. A backup number can be added, such as a landline. That's handy if you lose your primary phone...

However, you won't need extra authentication every time you use Google. It typically appears when you are using an unfamiliar browser or computer...

Full article.

Share this post


Link to post
Share on other sites
Could this be related to what's happened to me? I can't access The Forum from my home IP, it just brings me to a login screen from where I can't login. However my account is, clearly, still working.

THE FORUM logs you out whenever you change IP addresses (which goes against web standards whereby an IP address is supposed to be distinct from web session state). So if you are behind rotating proxy servers, it's essentially impossible to use THE FORUM logged in. I'm guessing this is the situation you're facing. There was an earlier thread on this:

http://forums.4aynrandfans.com/index.php?showtopic=11431

The problem is that I can't login at all from home. It just brings me to a login screen which I can't get past. My guess is that my ISP uses an IP range that has been blocked.

Share this post


Link to post
Share on other sites
Could this be related to what's happened to me? I can't access The Forum from my home IP, it just brings me to a login screen from where I can't login. However my account is, clearly, still working.

THE FORUM logs you out whenever you change IP addresses (which goes against web standards whereby an IP address is supposed to be distinct from web session state). So if you are behind rotating proxy servers, it's essentially impossible to use THE FORUM logged in. I'm guessing this is the situation you're facing. There was an earlier thread on this:

http://forums.4aynrandfans.com/index.php?showtopic=11431

The problem is that I can't login at all from home. It just brings me to a login screen which I can't get past. My guess is that my ISP uses an IP range that has been blocked.

The same thing happens to me. I cannot login from home, but can login from a different location.

Share this post


Link to post
Share on other sites
Could this be related to what's happened to me? I can't access The Forum from my home IP, it just brings me to a login screen from where I can't login. However my account is, clearly, still working.

THE FORUM logs you out whenever you change IP addresses (which goes against web standards whereby an IP address is supposed to be distinct from web session state). So if you are behind rotating proxy servers, it's essentially impossible to use THE FORUM logged in. I'm guessing this is the situation you're facing. There was an earlier thread on this:

http://forums.4aynrandfans.com/index.php?showtopic=11431

The problem is that I can't login at all from home. It just brings me to a login screen which I can't get past. My guess is that my ISP uses an IP range that has been blocked.

The same thing happens to me. I cannot login from home, but can login from a different location.

If Red, Carlos, JeffT, or anyone else is having trouble logging in from a legitimate address, send an email to me -- betsy@speicher.com -- from that address. I'll check the IP address on the email against the list of banned IP addresses and tweak it as necessary.

Share this post


Link to post
Share on other sites
Could this be related to what's happened to me? I can't access The Forum from my home IP, it just brings me to a login screen from where I can't login. However my account is, clearly, still working.

THE FORUM logs you out whenever you change IP addresses (which goes against web standards whereby an IP address is supposed to be distinct from web session state). So if you are behind rotating proxy servers, it's essentially impossible to use THE FORUM logged in. I'm guessing this is the situation you're facing. There was an earlier thread on this:

http://forums.4aynrandfans.com/index.php?showtopic=11431

The problem is that I can't login at all from home. It just brings me to a login screen which I can't get past. My guess is that my ISP uses an IP range that has been blocked.

The same thing happens to me. I cannot login from home, but can login from a different location.

If Red, Carlos, JeffT, or anyone else is having trouble logging in from a legitimate address, send an email to me -- betsy@speicher.com -- from that address. I'll check the IP address on the email against the list of banned IP addresses and tweak it as necessary.

¬°Gracias!

Share this post


Link to post
Share on other sites

The attempts by spammers to log into current member's accounts have ceased and THE FORUM's spam filters block most of the membership applications from known spam domains and countries like Russia, Red China, and the Ukraine. In addition, would-be members must pass a sophisticated CAPTCHA and reply to an automated email sent to the applicant's email address.

Nonetheless, since last night, the following userids got through those filters and applied for membership on THE FORUM:

Poltsnark, Aciriulourb, accideleawn, XFAaron, sdteeths, Pitt Vanpirus, fexEvelpevalp, AlliceBlac, Dablybape, Assilinnerono, atmowcawn, lllempitlylypeiii, Essencepaps, estimulkike, SildenafilCitrate, Rajog Femif, repunzel, fegxsv, cleamnPlayera, StarcraftlyGG, nudecelebsl, Gunmanfd, Guiugng, Fantistackmes, blilliogs, RonnieCV, retractableawning, HarrisPYFL, charisem41, Symnitanomeneouro, clibefrorce, ChristiniaMccleaf, Zeftaiffboaro, meherbBib, dbekieSma9, HomerPK, thedrunks, HiexiaGew, hothIllussy, tnocsev, Preomeosteoma, roirwqd, coldJapLiaplyexopy, fjgxqv, organnaAdartyp, MarcUU, LDDavid, TLSubmit, eeEnriffchunceee, TicPaggimbgip, dress, smilebenx, coojnmmsc, assisaonemi, Jamboree in the Hills, neasteldisepe, echteshaar, citeGatedremi, mikecf, BaceArremia, prophybab, sourringfriend, QuickCowll, MicsLiest, viahinsesse5H, dereiki1, Brossipse, Wowon Nanon, RichardWV, Party-Arriguebruddy, ed hardy clothing, organnaAdartyk, SemyGermmom, Teemssync, UnsassyLofLog, repunzel, ChristiniaMccleaf, aniskmamene, Party-Scurnnorjoupe, Tetskaphyhaph, mvoeiamonnu, dialienrora, Hoiffedia, ImmoraTyday, Top Travel, AxiorhitOdori

Which were spammers? ALL of them.

Share this post


Link to post
Share on other sites
The attempts by spammers to log into current member's accounts have ceased and THE FORUM's spam filters block most of the membership applications from known spam domains and countries like Russia, Red China, and the Ukraine. In addition, would-be members must pass a sophisticated CAPTCHA and reply to an automated email sent to the applicant's email address.

Nonetheless, since last night, the following userids got through those filters and applied for membership on THE FORUM:

Poltsnark, Aciriulourb, accideleawn, XFAaron, sdteeths, Pitt Vanpirus, fexEvelpevalp, AlliceBlac, Dablybape, Assilinnerono, atmowcawn, lllempitlylypeiii, Essencepaps, estimulkike, SildenafilCitrate, Rajog Femif, repunzel, fegxsv, cleamnPlayera, StarcraftlyGG, nudecelebsl, Gunmanfd, Guiugng, Fantistackmes, blilliogs, RonnieCV, retractableawning, HarrisPYFL, charisem41, Symnitanomeneouro, clibefrorce, ChristiniaMccleaf, Zeftaiffboaro, meherbBib, dbekieSma9, HomerPK, thedrunks, HiexiaGew, hothIllussy, tnocsev, Preomeosteoma, roirwqd, coldJapLiaplyexopy, fjgxqv, organnaAdartyp, MarcUU, LDDavid, TLSubmit, eeEnriffchunceee, TicPaggimbgip, dress, smilebenx, coojnmmsc, assisaonemi, Jamboree in the Hills, neasteldisepe, echteshaar, citeGatedremi, mikecf, BaceArremia, prophybab, sourringfriend, QuickCowll, MicsLiest, viahinsesse5H, dereiki1, Brossipse, Wowon Nanon, RichardWV, Party-Arriguebruddy, ed hardy clothing, organnaAdartyk, SemyGermmom, Teemssync, UnsassyLofLog, repunzel, ChristiniaMccleaf, aniskmamene, Party-Scurnnorjoupe, Tetskaphyhaph, mvoeiamonnu, dialienrora, Hoiffedia, ImmoraTyday, Top Travel, AxiorhitOdori

Which were spammers? ALL of them.

Some good character names for SF -- Rajog Femif, Hiexia Gew, Bace Arremia, Immora Tyday... not bad...

Poltsnark sounds like a mythical forest dweller with a bad attitude (educated at Harvard on an affirmative action scholarship).

Share this post


Link to post
Share on other sites